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DETAILED ACTION 

1 . This Office Action is in response to the Application filed on February 8, 2007, in 
which claims 37-72 are presented for examination. 

Status of Claims 

2. Claims 37-72 are pending, of which claims 37-72 are rejected under 35 U.S.C. 
103. Claims 62-72 are also rejected under 35 U.S.C. 101. Claims 43-45, 54-56, and 
65-67 are also rejected under 35 U.S.C. 112, second paragraph. 

Information Disclosure Statement 

4. The information disclosure statement, filed May 24, 2006 is in compliance with 
the provisions of 37 CFR 1 .97, 1 .98 and MPEP § 609. It has been placed in the 
application file, and the information referred to therein has been considered as to the 
merits. 

Specification 

5. Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 
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The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns," "The disclosure defined by this invention," "The disclosure 
describes," etc. 

The abstract of the disclosure is objected to because it is too long. Correction is 
required. See MPEP § 608.01(b). 

6. The disclosure is objected to because of the following informalities: Page 2, 
paragraph [0004], lines 5-8 of the detailed description recite, "This is commonly 
achieved by entering into the managed device a management order which request one 
or more management operations over one or more managed data objects said device 
holds". Page 2, paragraph [0004], lines 5-8 of the detailed description should recite, 
"This is commonly achieved by entering into the managed device a management order 
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which requests one or more management operations over one or more managed data 
objects said device holds". 

Appropriate correction is required. 

7. The lengthy specification has not been checked to the extent necessary to 
determine the presence of all possible minor errors. Applicant's cooperation is 
requested in correcting any errors of which applicant may become aware in the 
specification. 

Claim Objections 

8. Claims 42-43, 53-54, and 64-65 are objected to because of the following 
informalities: 

Claims 42-43, 53-54, and 64-65 each recite the following limitation: "...among the 
first second and third management templates, according to"... Claims 42-43, 53-54, 
and 64-65 should recite, "...among the first, second, and third management templates, 
according to"... 

Appropriate correction is required. 

Claim Rejections - 35 USC §112 



9. 



The following is a quotation of the second paragraph of 35 U.S.C. 112: 
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The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

10. Claims 43-45, 54-56, and 65-67 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter which applicant regards as the invention. 

Regarding claims 43, 54, and 65, applicant recites, "...a management access 
template, among the first second and third management templates, according to an 
access attribute comprised in another selected management access template". It is 
not clear as to whether the another selected management access template is one of 
the first second and third management templates, or another separate 
management access template. Thus the metes and bounds of the claims cannot be 
understood as written. 

Regarding claims 44-45, 55-56, and 66-67, applicant recites, "wherein the 
identifier (ORID) of an origin manager comprises at least one identifier selected from 
the group consisting of:"... There is no prior mention of any identifier (ORID) of an 
origin manger in any of the preceding parent claims. There is insufficient antecedent 
basis for this limitation in the claims. Thus the metes and bounds of the claims cannot 
be understood as written. 



Claim Rejections - 35 USC § 101 
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11. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 



12. Claims 62-72 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 



As per claims 62-72, a "computer program" is cited. Applicant fails to define 
within the claims the embodied features and limitations on a tangible computer readable 
medium such as a hard drive, disks, displays, and other hardware elements. Thus, the 
"computer program" is functional descriptive material per se and hence nonstatutory. 



Claim Rejections - 35 USC § 103 



1 3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



14. Claims 37-72 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Black et al. (United States Patent Application Publication No. US 
2002/0116485 A1), hereinafter "Black" in view of Esko Freese (International Patent 
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Application Publication No. WO 02/19116 A2), hereinafter "Freese". 

Regarding claims 37, 51 , and 62, Black discloses an apparatus for mediating in 
management orders between a plurality of origin managers and a plurality of managed 
devices in a telecommunications system, the management orders intended to execute 
management operations over the managed devices, comprising: 

a communication receiver component arranged to receive a management order 
from an origin manager (wherein templates may be originated in OSS client and relayed 
to and received in NMS servers) (Black, FIG. 3b and 3h-3i combined, paragraphs 
[0408]-[0416]); 

a management access template, the management access template being one 
selected from the group consisting of: a first management access template in 
relationship with an identifier of the origin manager (wherein network manager may 
need to supply username and password upon establishing connection with OSS client, 
NMS server, and corresponding network device) (Black, FIG. 3i, paragraphs [0415]- 
[0416]); a second management access template in relationship with an identifier of a 
managed data object affected by the management order (wherein flexible naming 
procedure is used to derive and identify objects with which processes need to 
communicate with) (Black, FIG. 1, paragraph [0442]); and a third management access 
template in relationship with an identifier of a managed device affected by the 
management order (wherein IP address and/or (DNS) name is provided for host lookup 
used to determine IP address for accessing corresponding network device) (Black, FIG. 
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3i, paragraphs [0415]-[0416]); and 

a communication sender component arranged to send an allowed management 
order to a managed device (wherein NMS server relays template with instructions to 
corresponding network device) (Black, FIG. 3b and 3h-3i combined, paragraphs 
[0408]-[0416]). 

Black does not explicitly disclose a management verifier component arranged to 
determine whether the received management order is an allowed management order by 
checking whether the management order fits an access attribute. 

However Freese discloses a management verifier component arranged to 
determine whether the received management order is an allowed management order by 
checking whether the management order fits an access attribute (wherein operator 
initiates sending of instruction from originating management console, containing identity 
of application to be controlled, and is cryptographically signed for authentication) 
(Freese, FIG. 1-FIG. 2, page 5, line 23-page 6, line 9). 

Black and Freese are analogous art because they are from the same problem 
solving area, namely, management of client devices in telecommunications networks. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art, having the teachings of Black and Freese before him or her, to modify the 
telecommunications management apparatus of Black, to include the cryptographic- 
authenticating-instruction functionality of Freese, with reasonable expectation that this 
would result in a system that guaranteed the security and reliability of received 
management instructions, without the requirement of special secure network 
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management protocols such as SNMP Version 3, thereby allowing any compatible 
network management protocol to be used and not a specially enhanced version having 
built-in encryption and security. This approach to improving the telecommunications 
management apparatus of Black was well within the ordinary ability of one of ordinary 
skill in the art based on the teachings of Freese. 

Therefore, it would have been obvious to one of ordinary skill in the art to 
combine the teachings of Black and Freese to obtain the invention as specified in claim 
37. 

Claim 62 includes a computer program for performing the limitations substantially 
as described in claim 37. Black-Freese discloses a computer program for mediating 
from a computer-based apparatus in management orders between a plurality of origin 
managers and a plurality of managed devices in a telecommunications system for 
performing the limitations substantially as described in claim 37 (wherein computer 
system in telecommunications network with plurality of origin managers and plurality of 
managed devices includes centralized processor with control processor subsystem that 
executes instance of the kernel including master control and server programs to actively 
control system operation by performing major portion of control functions) (Black, FIG. 
1, and FIG. 2a-2b, paragraphs [0103]-[0110], [0112]-[0118], and [0125]-[0126]). The 
motivation regarding the obviousness of claim 37 is also applied to claim 62; therefore, 
claim 62 is rejected under the same rationale. 

Additionally, claim 51 recites a method for mediating in the management of a 
plurality of devices from a plurality of origin managers that performs the limitations 



Application/Control Number: 10/596,003 Page 10 

Art Unit: 2441 

substantially as described in claims 37 and 62 and is rejected for similar reasons. 

Regarding claim 38, Black-Freese discloses the apparatus of claim 37, wherein 
the first management access template further comprises at least one access attribute 
selected from the group consisting of: an identifier of an allowed management operation 
(wherein instruction is identified with cryptographic signature) (Freese, FIG. 1-FIG. 2, 
page 5, line 23-page 6, line 9); an identifier of an allowed managed data object; a 
pattern structure of the managed data object; an identifier of an allowed managed 
device; an identifier of an allowed management operation over an allowed managed 
device; and an identifier of an allowed management operation over an allowed 
managed data object. The motivation regarding the obviousness of claim 37 is also 
applied to claim 38. 

Regarding claim 39, Black-Freese discloses the apparatus of claim 37, wherein 
the second management access template further comprises at least one access 
attribute selected from the group consisting of: a pattern structure of the managed data 
object; an identifier of an allowed management operation (wherein instruction is 
identified with cryptographic signature) (Freese, FIG. 1-FIG. 2, page 5, line 23-page 6, 
line 9); an identifier of a managed device holding the managed data object; an identifier 
of an allowed origin manager; an identifier of an allowed management operation from an 
allowed origin manager; and an identifier of an allowed management operation over a 
holding managed device. The motivation regarding the obviousness of claim 37 is also 
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Regarding claim 40, Black-Freese discloses the apparatus of claim 37, wherein 
the third management access template comprises at least one access attribute selected 
from the group consisting of: an identifier of an allowed management operation (wherein 
instruction is identified with cryptographic signature) (Freese, FIG. 1-FIG. 2, page 5, 
line 23-page 6, line 9); an identifier of a managed data object held on the managed 
device; an identifier of an allowed origin manager; an identifier of an allowed 
management operation from an allowed origin manager; and an identifier of an allowed 
management operation over a held managed data object. The motivation regarding the 
obviousness of claim 37 is also applied to claim 40. 

Regarding claim 41 , Black-Freese discloses the apparatus of claim 37, wherein 
the management verifier component is arranged to determine, from the identifier of a 
management operation, at least one identifier, the identifier being one selected from the 
group consisting of: an identifier of a managed data object affected by the operation; 
and an identifier of a managed device, affected by the operation (wherein the header of 
the SMS message contains the phone number identifying the device affected by the 
operation) (Freese, FIG. 1-FIG. 2, page 5, line 23-page 6, line 9). The motivation 
regarding the obviousness of claim 37 is also applied to claim 41 . 
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Regarding claim 42, Black-Freese discloses the apparatus of claim 37, wherein 
the management verifier component is arranged to select a management access 
template, among the first second and third management templates, according to an 
identifier received in a management order (wherein a number of various management 
templates may be transmitted to NMS server from OSS client, templates with 
instructions may be selected after verified via verification component) (Black, FIG. 3b 
and 3h-3i combined, paragraphs [0408] -[041 6], Freese, FIG. 1-FIG. 2, page 5, line 
23-page 6, line 9). The motivation regarding the obviousness of claim 37 is also 
applied to claim 42. 

Regarding claim 43, Black-Freese discloses the apparatus of claim 42, wherein 
the management verifier component is arranged to select a management access 
template, among the first second and third management templates, according to an 
access attribute comprised in another selected management access template (wherein 
template may be selected and verified based on identification of authorized 
cryptographic signature, which is comprised in other templates) (Black, FIG. 3b and 
3h-3i combined, paragraphs [0408]-[0416], Freese, FIG. 1-FIG. 2, page 5, line 23- 
page 6, line 9). The motivation regarding the obviousness of claim 37 is also applied to 
claim 43. 

Regarding claim 44, Black-Freese discloses the apparatus of claim 42, wherein 
the identifier (ORID) of an origin manager comprises at least one identifier selected from 
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the group consisting of: an identifier of a management server sending a management 
order; and an identifier of a user operating the management server (wherein network 
manager may need to supply username and password upon establishing connection 
with OSS client, NMS server, and corresponding network device) (Black, FIG. 3i, 
paragraphs [0415]-[0416]); and 

wherein the management verifier component is arranged to select the first 
management access template according to the at least one identifier (wherein verifier 
selects management instructions upon verifying cryptographic signature) (Freese, FIG. 
1-FIG. 2, page 5, line 23-page 6, line 9). The motivation regarding the obviousness of 
claim 37 is also applied to claim 44. 

Regarding claim 45, Black -Freese discloses the apparatus of claim 42, wherein 
the identifier (ORID) of an origin manager comprises at least one identifier selected from 
the group consisting of: an identifier of a management server sending a management 
order; and an identifier of a user operating the management server (wherein network 
manager may need to supply username and password upon establishing connection 
with OSS client, NMS server, and corresponding network device) (Black, FIG. 3i, 
paragraphs [0415]-[0416]); and wherein the management verifier component is 
arranged to authenticate the at least one identifier (wherein verifier selects management 
instructions upon verifying cryptographic signature) (Freese, FIG. 1-FIG. 2, page 5, line 
23-page 6, line 9). The motivation regarding the obviousness of claim 37 is also 
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Regarding claim 46, Black-Freese discloses the apparatus of claim 42, wherein 
the management verifier component is arranged to determine a management role 
associated to at least one identifier, the identifier being one selected from the group 
consisting of: an identifier of a management server sending a management order; and 
an identifier of a user operating the management server (wherein network manager may 
need to supply username and password upon establishing connection with OSS client, 
NMS server, and corresponding network device) (Black, FIG. 3i, paragraphs [0415]- 
[0416]). The motivation regarding the obviousness of claim 37 is also applied to claim 
46. 

Regarding claim 47, Black-Freese discloses the apparatus of claim 46, wherein 
the management verifier component is further arranged to select at least one 
management access template in relationship with the role (wherein network manager 
may need to supply username and password upon establishing connection with OSS 
client, NMS server, and corresponding network device, verifier selects management 
instructions upon verifying cryptographic signature) (Black, FIG. 3i, paragraphs [0415]- 
[0416], Freese, FIG. 1-FIG. 2, page 5, line 23-page 6, line 9). The motivation 
regarding the obviousness of claim 37 is also applied to claim 47. 
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Regarding claim 48, Black-Freese discloses the apparatus of claim 46, wherein 
at least one management access template among the second or third management 
templates comprises an identifier (ROm) of at least one role as an access attribute, and 
wherein the Management Verifier Component is further arranged to check whether the 
management order fits with the role (wherein batch templates may contain names of 
control templates to cause OSS client to issue calls to NMS server affecting 
corresponding network device, authorized network manager non-interactively 
completing provisioning tasks and building custom services) (Black, FIG. 3b, 
paragraphs [0410]-[0411]). The motivation regarding the obviousness of claim 37 is 
also applied to claim 48. 

Regarding claim 49, Black-Freese discloses the apparatus of claim 37, wherein 
the management verifier component is arranged to determine whether a managed data 
object affected by an allowed management order is an access attribute in a 
management access template, and further comprising a management execution 
component, arranged to execute a management operation over the access attribute 
(wherein templates comprise various parameter values which affect data objects, may 
be provisioned by network managers upon establishing connections with NMS server 
and network devices, while verifier component verifies and determines whether object is 
known attribute, (i.e., antivirus signatures previously identified and stored in database, 
used to identify viruses in scanned data), upon authentication, management agent may 
update signature database and execute instruction) (Freese, FIG. 1-2, page 6, lines 
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17-26). The motivation regarding the obviousness of claim 37 is also applied to claim 
49. 

Regarding claim 50, Black-Freese discloses the apparatus of claim 37, wherein 
the communication receiver component is further arranged to receive an access request 
from an origin manager (wherein NMS server issues provisioning requests for template 
in response to calls from OSS client) (Black, FIG. 3h, paragraph [0414]); 

wherein the management verifier component is further arranged to determine the 
first management access template (wherein verifier component determines whether 
instruction is authorized) (Freese, FIG. 1-FIG. 2, page 5, line 23-page 6, line 9); and 

wherein the communication sender component is further arranged to send an 
access response to the origin manager that comprises an access attribute of the 
management access template (wherein network manger may send command to 
interactive interpreter to cause OSS client to display available and acceptable 
parameter values for each template) (Black, FIG. 3i, paragraphs [0417]-[0418]). The 
motivation regarding the obviousness of claim 37 is also applied to claim 50. 

Claims 52-61 are corresponding method claims of apparatus claims 41-50; 
therefore, they rejected under the same rationale. 

Claims 63-72 are corresponding computer program claims of apparatus claims 
41-50; therefore, they are rejected under the same rationale. 
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Conclusion 

1 5. Further references of interest are cited on Form PTO-892, which is an 
attachment to this Office Action. 

16. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kostas Katsikis whose telephone number is (571)270- 
5434. The examiner can normally be reached on Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Wing Chan can be reached on (571)272-7493. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Kostas Katsikis/ 

Examiner 

Art Unit 2441 

June 16, 2009 
/Wing F. Chan/ 

Supervisory Patent Examiner, Art Unit 2441 



